GPL Odorizers GPL750

Plan PatchCVSS 8.6ICS-CERT ICSA-26-099-02Apr 9, 2026

Oil & gas

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A missing authentication vulnerability in GPL750 odorizers allows a low-privileged remote attacker to modify register values that control odorant injection rates. Successful exploitation could result in too much or too little odorant being injected into a gas line, impairing the ability to detect dangerous gas leaks. Affected versions: GPL750 XL4 v1.0–v5.x, XL4 Prime v4.0–v5.x, XL7 v13.0–v19.x, and XL7 Prime v18.4–v19.x.

What this means

What could happen

An attacker could manipulate odorant injection rates in a gas line, resulting in under- or over-odorization, which could prevent detection of dangerous gas leaks or create false alarms.

Who's at risk

Oil and gas operators using GPL750 odorizers (all variants: XL4, XL4 Prime, XL7, XL7 Prime) for natural gas odorization. This affects any facility that relies on these devices to inject mercaptan odorant into gas distribution lines for leak detection.

How it could be exploited

A low-privileged remote attacker could access the GPL750 odorizer over the network and directly modify register values that control odorant injection rates without requiring authentication, allowing them to alter odorization parameters on the gas line.

Prerequisites

Network access to the GPL750 odorizer
No authentication credentials required

remotely exploitableno authentication requiredlow complexityaffects safety systems

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (4)

4 pending

ProductAffected VersionsFix Status

GPL750 (XL4): >=v1.0|<v6.0≥ v1.0|<v6.0No fix yet

GPL750 (XL4 Prime): >=v4.0|<v6.0≥ v4.0|<v6.0No fix yet

GPL750 (XL7): >=v13.0|<v20.0≥ v13.0|<v20.0No fix yet

GPL750 (XL7 Prime): >=v18.4|<v20.0≥ v18.4|<v20.0No fix yet

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDRestrict network access to GPL750 odorizers to authorized engineering and operations personnel only using firewall rules or network segmentation

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

GPL750 (XL4): >=v1.0|<v6.0

HOTFIXUpdate GPL750 software to version 6.0 or later (XL4/XL4 Prime) or version 20.0 or later (XL7/XL7 Prime)

All products

HOTFIXUpdate Horner Automation firmware to version 15.76 for XL Series controllers or version 17.30 for XL Prime Series controllers

Long-term hardening

0/1

HARDENINGImplement network monitoring to detect unauthorized attempts to modify odorizer register values or access GPL750 devices

CVEs (1)

CVE-2026-4436

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/09461ee2-0755-447f-adfd-96aa5b1372c7

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.